What are Users?

Anyone who visits your website is a user, including you. There are three groups of users:
What are Permissions?

The ability to do actions on your site (including viewing content, editing content, and changing configuration) is governed by permissions. Each permission has a name (such as View published content) and covers one action or a small subset of actions. A user must be granted a permission in order to do the corresponding action on the site; permissions are defined by the modules that provide the actions.

What are Roles?

Rather than assigning individual permissions directly to each user, permissions are grouped into roles. You can define one or more roles on your site, and then grant permissions to each role. The permissions granted to authenticated and anonymous users are contained in the Authenticated user and Anonymous user roles, and depending on the installation profile you used when you installed your site, there may also be an Administrator role that is automatically assigned all permissions on your site.

Each user account on your site is automatically given the Authenticated user role, and may optionally be assigned one or more additional roles. When you assign a role to a user account, the user will have all the permissions of the role when logged in. It is a good practice to make several roles on your site. In the farmers market site example, you might want the following roles:
Source file: user-concept.asciidoc
Introduction

This document explains how directory and file permissions on a UNIX or Linux machine are set and can be changed by the user. This allows you to share files or directories or to lock them down to be private.

If you want to set file or directory permissions by right-clicking on the file or directory and checking or unchecking boxes, you can do that in a GUI file transfer client such as MobaXterm, SSH Secure Shell client, or WinSCP. If you are logged onto a Linux box running an X session, you can use the Linux equivalent of Windows Explorer by running either the nautilus or konqueror command. Otherwise, this document provides a full explanation of how the UNIX command chmod works.

You can see the permissions of your file using the ls command with the -l option (lowercase L, not 1):

    % ls -l myfile.txt

This returns a long string of information that starts with the file’s permissions:

    -rw-r--r--

Every file and directory under UNIX or Linux has a set of permissions associated with it that is shown as a three digit number (such as 755). These permissions are categorized into three groups who have or do not have the permissions:
These three groups, in turn, may or may not have three different privileges:
Thus, there are nine total variables:
1. read the file
2. write to the file
3. execute the file

1. read the file
2. write to the file
3. execute the file

1. read the file
2. write to the file
3. execute the file

These variables are organized into a three by three array as follows:

                  owner   group   other
    read (r)        4       4       4
    write (w)       2       2       2
    execute (x)     1       1       1
    -----------   -----   -----   -----
    total value     7       7       7

Column Values

The three by three array above shows the basis for describing the set of nine permissions. Note that each permission has a numeric value associated with it:
If a permission is denied, then its value is always zero. (In the example above, all permissions have been granted.) For each category of user (owner, group member, or other) these three permission values potentially add up to seven. If we deny one or more types of permission, then that value (4, 2, or 1) is subtracted from the value for that category of user. Thus, if we wish to deny write permission to the owner’s group, we subtract 2 from the total of that permission, which leaves a column value of 5. And if we wish to deny both write and execute permissions to “others,” we subtract both 2 and 1, leaving a value of 4. These changes are shown in the array below:

                  owner   group   other
    read (r)        4       4       4
    write (w)       2       0       0
    execute (x)     1       1       0
    -----------   -----   -----   -----
    total value     7       5       4

The total value is now 754 rather than 777. Note that whatever combination of permissions we create, the numbers will always be a unique representation of that combination, as shown in the following chart:

    Column Value   Permissions                Represented by
    ------------   -----------                --------------
    0              none                       ---
    1              execute-only               --x
    2              write                      -w-
    3              execute and write          -wx
    4              read-only                  r--
    5              read and execute           r-x
    6              read and write             rw-
    7              read, write, and execute   rwx

Total Value

Just as each column designates a specific combination of permissions, so the total value represents a specific combination of permissions associated with user types since the order is always given as: owner group other. Thus, from any three digit total value, you can deduce each of the nine possible permissions. This three-digit “total value” (in the examples above, 777 and 754) is used in defining and changing permissions, as described below. Remember that this total value is always given in the order: owner group others.

Setting Permissions

When you wish to set the mode of a file (set the permissions) you use the UNIX command chmod at the system prompt.
As you become familiar with the chmod command, try using the -v option for a verbose response as in the following example:

    % chmod -v 640 myfile.txt
    mode of `myfile.txt' changed to 0640 (rw-r-----)

This command designates that the file named myfile.txt has read and write (rw-) permission for the owner (you), read-only (r--) permission for the group members, and no access permissions for others (---). Remember that the permissions for “owner” are always first and the permissions for “other” are always last.

Setting permissions for a directory follows exactly the same procedure; you would simply substitute the directory name for the file name.

You can also use the letters r, w, and x to set read, write, and execute permissions and the letters u, g, o, and a to specify user, group, other or all:

    % chmod -v a+x myfile.txt
    mode of `myfile.txt' changed to 0751 (rwxr-x--x)

The above adds the executable permission for all users. In this example group members are granted read-only permission:

    % chmod -v g=r myfile.txt
    mode of `myfile.txt' changed to 0741 (rwxr----x)

Here are some examples that if done in the following order would set the permissions as shown:
Setting Permissions Without Specifying u, g, o, or a

Permissions are set for user, group, and other if u, g, o, or a are not specified, but your umask (user file-creation mask) comes into play which makes things complicated. The most common umask is 022 which means that when you create a new directory the permissions are not the default of 777 (drwxrwxrwx) but rather 777 - 022 which is 755 (drwxr-xr-x). And when you create a new file, the permissions are not the default 666 (-rw-rw-rw-) but rather 666 - 022 which is 644 (-rw-r--r--). The following will happen if your umask is the most common umask of 022:
This last example is often used in documentation when the user is being instructed to make the file executable. The reason to use the number system over the letter system to set permissions is that the numbers let you set different permissions for user, group, and other in a single chmod command, and the result does not depend on how the permissions are currently set. It is good practice to use the -v (verbose) option of the chmod command to see what the permissions changed to, since your umask may have had a role in the creation of the permissions.

Paths and Permissions

In order for you to be able to set permissions for a file or directory, UNIX must first be able to find the file or directory. Thus, if you are not in the directory that contains the file or directory for which you are setting permissions, you must provide a path name. For example, if you were in your home directory and you wished to set permissions for a file called myfile.txt in a directory called files located in your home directory, you would use the following command:

    % chmod -v 644 files/myfile.txt
    mode of `files/myfile.txt' changed to 0644 (rw-r--r--)

Determining Current Permissions

To determine the current permissions for a file or directory, use the ls command with the -l (lowercase “L,” not the number one “1”) option, as in the following example:

    % ls -l myfile.txt

At the left of the resulting line of output will be the list of permissions expressed as a series of ten letters and hyphens. The last nine spaces are divided into groups of three, each of which will have, in order, an r (read), w (write), and x (execute) or, if that permission has been denied by the file owner, a hyphen (-) in its space. As in setting permissions, the three groups of three are given in the order: owner group other.
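The umask arithmetic and the nine-letter permission string described above can be checked against what the system really does. The script below is an added example, not part of the original document; the function names are illustrative and it assumes GNU coreutils stat on Linux. It goes one step beyond the 022 case in the text by also running umask 027, where the mask behaves as a bit mask and not as a subtraction.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils stat (Linux); names are illustrative.

# mode_string OCTAL -> the nine permission letters ls -l shows (754 -> rwxr-xr--)
mode_string() {
    m=$((0$1)); out=""
    for s in 6 3 0; do                      # owner, group, other columns
        col=$(( ($m >> $s) & 7 ))
        if [ $(($col & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(($col & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $(($col & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# effective_mode BASE UMASK -> mode left after the umask clears its bits.
# BASE is 666 for a new file and 777 for a new directory.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode file|dir UMASK -> mode observed on a freshly created object
created_mode() {
    (
        d=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$d/t"; else : > "$d/t"; fi
        stat -c '%a' "$d/t"
        rm -rf "$d"
    )
}

# 022 matches the figures in the text; 027 shows the mask is bitwise:
# 666 "minus" 027 would suggest 637, but the real result is 640.
for mask in 022 027; do
    for kind in file dir; do
        if [ "$kind" = dir ]; then base=777; else base=666; fi
        want=$(effective_mode "$base" "$mask")
        printf 'umask %s %-4s predicted %s (%s) observed %s\n' "$mask" "$kind" \
            "$want" "$(mode_string "$want")" "$(created_mode "$kind" "$mask")"
    done
done
```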
For example, the file whose mode was set above as 644 would have the letters:

    -rw-r--r--

This sequence shows that “myfile.txt” is an ordinary file (the first dash; a “d” in this location indicates directory) with read and write permission for the owner (rw-), read-only permission for the owner’s group members (r--), and read-only permission for others (r--). If we change the mode again using the command:

    % chmod -v 765 myfile.txt
    mode of `myfile.txt' changed to 0765 (rwxrw-r-x)

then the ls -l myfile.txt command would show as the permissions:

    -rwxrw-r-x

Naturally, only the owner can modify the permissions for a file or directory.

Directory vs. File Permissions

UNIX is a “top-down” environment. This means that if you deny “group” or “other” permissions to a directory, all subdirectories and files within that directory will be denied the permissions established at the directory level though the settings will appear not to have changed. For example, if the permissions to directory projects are:

    drwxr-xr-x

and for subdirectory project1 are:

    drwxr-xr-x

and you deny “group” and “other” permissions to access directory projects such that the permissions are now:

    drwx------

the permissions of subdirectory project1 visually remain the same:

    drwxr-xr-x

but members of the group and others do not really have the permissions that are shown for subdirectory project1.

This works the same way but in reverse when you create a subdirectory and set permissions to allow group members and others to access the directory. They will not be able to access the directory if they do not have access permissions for all previous directories in the path to the directory you want them to have permission to access. The minimum permission for access to a directory is execute (x).

Groups

As discussed above, there is a set of permissions for “group” associated with each file and directory. As this implies, every user of a UNIX system is a member of one or more groups.
When an account is created, its user is assigned to a group, usually the user’s academic designation. The group ID number that appears on the user’s entry in the password file indicates the user’s “primary” group. Groups are designated by both a name (“faculty” for example) and a group ID number (201 is the number for faculty). The group number is arbitrary, and it will always be greater than 100.

One can also be a member of one or more “secondary” groups. Unlike your primary group ID, the secondary group ID number is not on your entry in the password file. To see your group IDs and all the groups of which you are a member, use the UNIX command id:

    % id

If you own a file and if you are also a member of more than one group, you can modify the group “ownership” of that file using the chgrp command, as shown in the following example:

    % chgrp marine myfile.txt

In this example, “marine” is the name of the group you wish to have permissions. Note that this in no way affects the individual ownership of the file; it merely changes the group to which the group permissions apply. Only the owner can make this change (and the system administrator, of course) and the owner must be a member of both the groups involved, that is, the default group assigned to you when your login was created, and the new group to which you are granting permissions.

Which permission allows a user access to a resource?

Authorization: the process that defines the resources an authenticated user may access and what he or she may do with those resources. Authorization for Windows files and folders is controlled by the NTFS file system, which assigns permissions to users and groups.
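The “Directory vs. File Permissions” rule in the UNIX material above means that the mode shown on a file or subdirectory cannot be read in isolation: every directory on the path needs the execute bit for the class of user in question. The script below is an added example, not part of the original page; the function names and the constructed projects/project1 tree are illustrative, it assumes GNU coreutils stat on Linux, and it inspects only the classic mode bits, not ACLs.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils stat (Linux); names are illustrative.
# Only classic mode bits are examined; ACLs are not.

# blockers CLASS TOP TARGET
# Prints each directory between TARGET and TOP (inclusive) that lacks the
# execute bit for CLASS (owner, group or other).
blockers() {
    case $1 in
        owner) bit=0100 ;;
        group) bit=0010 ;;
        other) bit=0001 ;;
        *) return 2 ;;
    esac
    dir=$(dirname "$3")
    while :; do
        mode=$(stat -c '%a' "$dir") || return 2
        if [ $(( 0$mode & $bit )) -eq 0 ]; then printf '%s\n' "$dir"; fi
        case $dir in "$2"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

# make_demo_tree -> path of a constructed tree: projects/project1/report.txt
make_demo_tree() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/projects/project1"
    : > "$top/projects/project1/report.txt"
    chmod 755 "$top" "$top/projects" "$top/projects/project1"
    chmod 644 "$top/projects/project1/report.txt"
    printf '%s\n' "$top"
}

demo=$(make_demo_tree)
chmod 700 "$demo/projects"                  # deny group and other at the top
stat -c '%A %n' "$demo/projects" "$demo/projects/project1"
echo "other is blocked by:"
blockers other "$demo" "$demo/projects/project1/report.txt"
rm -rf "$demo"
```

The stat output shows project1 still listed as drwxr-xr-x while blockers reports the projects directory, which is the situation the text describes.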
What is a permission set group quizlet?

A permission set is a collection of settings and permissions that give users access to various tools and functions.

What are the various user and group permissions?

The User Group Permissions screen allows you to assign or revoke permission belonging to user groups and to "embed" user groups (along with associated permissions) into other user groups. When users are associated with a user group, they "inherit" the permissions of the user group.

What is user level access?

Basic User Level Access means access rights that allow the user to read, change or delete information which she or he owns or data and objects shared with the user or the user's team. Generally, basic user level access affords the least amount of authority and permissions regarding an organization's network.